CVE-2022-50368

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dsi: fix memory corruption with too many bridges

Add the missing sanity check on the bridge counter to avoid corrupting data beyond the fixed-sized bridge array in case there are ever more than eight bridges.

Patchwork: https://patchwork.freedesktop.org/patch/502668/

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa689554ba6ed81cf606c16539f6ffc2a1dcdaf8e < 4e5587cddb334f7a5bb1c49ea8bbfc966fafe1b8affected
LinuxLinuxa689554ba6ed81cf606c16539f6ffc2a1dcdaf8e < f649ed0e1b7a1545f8e27267d3c468b3cb222eceaffected
LinuxLinuxa689554ba6ed81cf606c16539f6ffc2a1dcdaf8e < 21c4679af01f1027cb559330c2e7d410089b2b36affected
LinuxLinuxa689554ba6ed81cf606c16539f6ffc2a1dcdaf8e < 9f035d1fb30648fe70ee01627eb131c56d699b35affected
LinuxLinuxa689554ba6ed81cf606c16539f6ffc2a1dcdaf8e < e83b354890a3c1d5256162f87a6cc38c47ae7f20affected
LinuxLinuxa689554ba6ed81cf606c16539f6ffc2a1dcdaf8e < 2e786eb2f9cebb07e317226b60054df510b60c65affected
LinuxLinux4.1affected
LinuxLinux0 < 4.1unaffected
LinuxLinux4.19.264 <= 4.19.*unaffected
LinuxLinux5.4.223 <= 5.4.*unaffected
LinuxLinux5.10.153 <= 5.10.*unaffected
LinuxLinux5.15.77 <= 5.15.*unaffected
LinuxLinux6.0.7 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References